(54) Method for performing short-range wireless transactions between an hybrid wireless terminal and a service terminal



(57) The invention relates to a method for performing a short-range wireless transaction between an hybrid wireless terminal and a service terminal. The hybrid terminal is able to communicate over a first interface with a radio communication network and over a second interface for short-range wireless access with a service terminal; the hybrid wireless terminal comprises a user authentication information for authenticating a user in the radio communication network.

According to the invention, the method consists of:

transmitting over the second interface for short-range wireless a message to the service terminal comprising at least the user authentication information;
authenticating the user at the service terminal by checking the received user authentication information against an authentication database;
enabling the transaction if the user authentication has been successful.
Description

[0001] The present invention relates to wireless short-range data communication systems and more particularly to a method for performing short-range wireless transactions between an hybrid wireless terminal and a service terminal.

[0002] An hybrid wireless terminal should be understood as a wireless terminal dedicated to access to a radio communication network, as for example a GSM mobile phone or third generation UMTS mobile phone, further comprising an interface for short-range wireless access, for example a Bluetooth interface. An example of such an hybrid wireless terminal is already known from Bluetooth Specification Version 1.0 B page 100 from 1 December 1999 and describes the "3-in-1 phone" model with built-in Bluetooth technology.
[0003] At home, the "3-in-1 phone" functions as a cordless telephone. On the move, it functions as a cellular telephone. For these two first applications, the mobile telephone uses the usual interface to a radio communication network: at home the 3-in-1 phone communicates for example over DECT to a local base station; on the move, the 3-in-1 phone communicates over GSM.

[0004] In a third configuration, when the 3-in-1 phone comes within the range of another mobile phone with built-in Bluetooth technology, it functions as a walkie-talkie and communicates exclusively with the other mobile phone over the Bluetooth interface. In that case the communication does not require resources from a radio communication network. Moreover, the communication is not billed.

[0005] Bluetooth is a computing and telecommunications industry specification that describes how mobile phones, computers, personal digital assistants and other stand-alone devices can easily interconnect with each other using a short-range wireless connection. The technology requires that a low-cost transceiver chip be included in each device. Each device is equipped with a microchip transceiver that transmits and receives in a frequency band of 2.45 GHz that is available globally (with some variation of bandwidth in different countries). The maximum range between two Bluetooth equipped devices for setting up a connection is 10 meters. Data as well as voice communications can be set up over the Bluetooth interface. Data can be exchanged at a rate of 1 megabit per second (up to 2 Mbps in the second generation of the technology). A frequency hop scheme allows devices to communicate even in areas with a great deal of electromagnetic interference. Each device is identified by a unique 48-bit address defined in the Bluetooth standard. Built-in encryption and verification of this unique address is provided for ensuring the connection security. However, the verification described in the Bluetooth standard is uniquely based on a device identification. This identification prevents a Bluetooth device not registered at another Bluetooth device from communicating with it. A drawback of this device-based identification is that no user authentication is possible and as a consequence a lot of applications requiring a user authentication are not possible over the short-range wireless Bluetooth interface.

[0006] The term service terminal is used to cover terminals that are able to provide a service to a user that starts a transaction with this service terminal over a short range wireless interface. During a transaction, a user requests a service to be provided by the service terminal; the transaction comprises a dialog between the user and the service terminal for checking the modalities in which the service has to be provided as well as an authentication of the user. If the authentication has been successful, the service terminal provides the service to the user and ends the transaction.
[0007] Since the services provided by the service terminal are preferably billed to the user, the authentication of the user is required for authorizing the service terminal provider to be credited the amount of money required for the service. Possible examples of service terminals entering this category are: a toll gate that opens automatically and deducts the toll gate price from the bank account of drivers equipped with an hybrid mobile phone with Bluetooth interface, a drink automate that is controlled by an hybrid mobile phone from a user wanting to buy a drink, the cost of this drink being deducted from his bank account or added to his phone bill.
[0008] On the other hand, the services provided by a service terminal may be confidential. In that case, an authentication of the user is also required to preserve confidentiality. Examples of service terminals entering this category are printers of bank account extracts controlled with an hybrid mobile phone or printers of medical reports controlled over an hybrid mobile phone.

[0009] A particular object of the present invention is to provide a method enlarging the spectrum of applications supported by an hybrid mobile phone in providing a method for user authentication over the short-range wireless interface.

[0010] Another object of the invention is to take advantage of the capabilities of an hybrid terminal to reduce the load produced by certain applications on the radio communication network.
[0011] These objects, and others that appear below, are achieved by a method for performing a short-range wireless transaction between an hybrid wireless terminal and a service terminal, the hybrid terminal being able to communicate over a first interface with radio communication network and over a second interface for short-range wireless access with a service terminal, the hybrid wireless terminal comprising a user authentication information for authenticating a user in the radio communication network. The method consists in performing the steps of:

transmitting over the second interface for short-range wireless access a message to the service terminal comprising at least the user authentication information;
authenticating the user at the service terminal by checking the received user authentication information against an authentication database;
enabling the transaction if the user authentication has been successful.

[0012] This method has the advantage that a transaction between the hybrid wireless terminal and the service terminal is independent of the radio communication network coverage. Indeed, even if the user is located in an area where no radio communication network coverage is provided, he can make a transaction with the service terminal.

[0013] Another advantage of this method is that a transaction with the service terminal and a communication over the radio communication network can be performed simultaneously since the transaction with the service terminal does not require any radio communication network resources.

[0014] The present invention also concerns a service terminal according to claim 6 and an hybrid wireless terminal according to claim 8.

[0015] Other characteristics and advantages of the invention will appear on reading the following description of a preferred implementation given by way of non-limiting illustrations, and from the accompanying drawings, in which:

Figure 1 shows a system where a method according to the invention can be implemented;
Figure 2 shows a flow diagram of an embodiment of the method according to the present invention;
Figure 3 shows an embodiment of a wireless terminal according to the present invention;
Figure 4 shows an embodiment of a service terminal according to the present invention.

[0016] Figure 1 shows a system where a method according to the invention can be implemented. The system comprises an hybrid wireless terminal 11, a base station 13 belonging to a radio communication network 14, a service terminal 12 and an authentication database 15.

[0017] Hybrid wireless terminal 11 comprises an antenna 111 for communicating over the air interface with base station 13 of the radio communication network 14 and a short-range wireless interface 112 for communicating over the air interface with service terminal 12.
[0018] Radio communication network 14 is preferably a GSM network or an UMTS network. However, any other radio communication network providing features ensuring communication security like authentication and authorization could also be examples for radio communication network 17.

[0019] The short-range wireless interface used for communicating between hybrid wireless terminal 11 and service terminal 12 is preferably based on the Bluetooth standard. However, any other standardized short-range wireless interface may also be envisaged. Another example could be the Home RF standard. Both Bluetooth and Home RF are based on radio frequency communication. Also optical communication using infrared may be used over the short-range wireless interface. Standards defined by the Infrared Data Association (IrDA) describe such an infrared communication.
[0020] An advantage of radio frequency communication over the short-range wireless interface is that the antenna may be used for communication with radio communication network 14 as well as with service terminal 14. By using infrared communication on short-range wireless interface an infrared emitter should be incorporated to the hybrid terminal.
[0021] A condition for a communication to be established over the short-range wireless interface is that the distance between the hybrid wireless terminal and the service terminal is compatible with the distance indicated in the standard (i.e. up to 10 meters for Bluetooth) for the radio wave to be received properly.
[0022] Such a distance condition is usually not set for communicating with radio communication network 14 since it is the purpose of a radio communication network provider to design his network so that a whole area coverage is ensured. This is achieved by an appropriate positioning of the base stations and the provision of handover procedure. The goal of short-range wireless communication, on the contrary, is to enable a communication between two devices either close to each other or even in front of each other without any obstacles in between.

[0023] According to the invention hybrid wireless terminal 11 transmits over short-range wireless interface 112 a user authentication information used at service terminal 12 to perform user authentication. This user authentication information is located in an identification module at wireless terminal 11 already dedicated to be used for authenticating the user of wireless terminal 11 in radio communication network 14. This identification module is preferably the SIM (Subscriber Identification Module) card and comprises user authentication information. Examples of such user authentication information may be the IMSI or TMSI (International resp. Temporary Mobile Subscriber Identification). Other possible user authentication information enabling it to univocally identify the user may also be saved on the SIM card, for example a bank account number or a PIN number.
[0024] For providing such short-range communications with security somewhat comparable to the security provided in radio communication network 14, service terminal 12 is connected to a database 15 containing user authentication information of users authorized to make transactions with service terminal 12.
[0025] This database may be physically connected to service terminal 12. Database 15 may also be part of service terminal 12 itself. In such a case, each service terminal is connected to a replicated version of database 15.

[0026] Alternatively, this database 15 may be a central element to which service terminal 12 is connected over an appropriate network. In this configuration, several service terminals may be simultaneously connected to database 15. In this case, the database contents do not have to be replicated and as a consequence are less subject to data inconsistencies.

[0027] In a preferred embodiment, database 15 is the same database as the one used by the radio communication network 14 for performing authentication in the radio communication network 14. In this embodiment, database 15 may correspond to the Home Location Register (HLR) of the radio communication network 14. The service terminal 12 is allowed by the radio communication network operator to have access to the HLR over a specific secured connection. In case service terminal 12 is part of a network of a plurality of service terminals, a central entity in the network of service terminal may be responsible for forwarding the authentication requests from the different service terminals to the HLR preferably over a permanent connection between this central entity and the HLR.

[0028] Figure 2 shows a flow diagram of an embodiment of the method according to the present invention comprising steps 21 to 25.

[0029] Step 21 consists in sending a transaction request from the hybrid wireless terminal to a service terminal. At this stage, the usual Bluetooth standardized connection procedure can be used.
[0030] Step 22, also part of this standardized connection procedure, consists in performing the identification of the hybrid wireless terminal at the service station. This identification makes use of the unique 48-bit address identifying each Bluetooth capable device.
[0031] Step 23, according to the invention and additionally to the device identification performed at step 22, consists in performing user authentication. At this stage, a user authentication information stored in an identification module at the hybrid wireless terminal is transmitted in a specific message to the service terminal over the Bluetooth interface. This user authentication information is preferably also used for authenticating the user in the radio communication network the hybrid wireless terminal is able to communicate with.
[0032] Step 24 consists, upon reception of this specific message at the service terminal, in extracting the user authentication information and performing a check against a database containing user authentication information of all users authorized to perform a secured transaction with the service terminal.
[0033] If the authentication is successful, that is to say the user is one of the users authorized to perform secured transactions with the service terminal, the service terminal sends an acknowledgement to the hybrid wireless terminal acknowledging his transaction request.
[0034] Step 25 consists in performing the transaction itself.

[0035] If the authentication at step 24 has not been successful, the transaction request is rejected. As an additional security mechanism, the parameters of this unsuccessful transaction may be stored in a log file used for detecting suspicious transaction attempts.
[0036] In a preferred embodiment, the message containing the user authentication information may be protected by encryption for preventing possible interception attempts. This is all the more important as interception of an unprotected user authentication information could enable an ill-intentioned interceptor to perform money transactions on the behalf of the user. Any usual encryption mechanisms as known by those skilled in the art may be envisaged. It is possible to use the same encryption mechanism as the one used in the radio communication network the hybrid wireless terminal is able to communicate with.

[0037] Figure 3 shows an embodiment of an hybrid wireless terminal according to the present invention. Hybrid wireless terminal 30 comprises two parts 31 and 32. First part 31 is dedicated to support communication with a usual radio communication network as GSM or UMTS for example.

[0038] First part 31 comprises an antenna 311, interface to the radio communication network, a first sender/receiver module 312, a first communication controller 313, and a subscriber identification module 314.
[0039] Second part 32 comprises a short-range wireless interface 321 for communicating over the air interface with a service terminal, a second sender/receiver module 322 and a second communication controller 323. The standard used over this interface is preferably Bluetooth.

[0040] In prior art solutions, the two parts 31 and 32 of this kind of hybrid terminal are independent from each other. On the contrary, according to the present invention, the subscriber identification module 314 is shared by first part 31 and second part 32 so that the second communication controller 322 can access the subscriber identification module 314 for extracting a user authentication information from this module and transmitting it in an appropriate message over sender/receiver module 322 and interface 321 on the short-range wireless interface.

[0041] In another embodiment of hybrid wireless terminal 30, the two sender/receivers 312 and 322 or the two communication controllers 313 and 323 may be located on the same physical entity, the communication process controlling the two parts being distinct. In that case the process controlling the communication of second part 32 has access to subscriber identification module 314, which would still be within the scope of this invention.
[0042] Figure 4 shows an embodiment of a service terminal according to the present invention. Service terminal 40 comprises a short-range wireless interface 41, a sender/receiver module 42, a communication controller 43, an authentication module 44 and an authentication database 45.
[0043] When a message is received over interface 41 and sender/receiver 42, this message is forwarded to communication controller 43; said communication controller detects if this message is an authentication message comprising a user authentication information. If it is the case, this message is forwarded to authentication module 44 which makes a request to an authentication database 45 to check the user authentication information against the database contents.
[0044] As already mentioned above, the authentication database may be external to the service terminal. In such a case, authentication module 44 sends an authentication request to this external database over a dedicated interface.

[0045] As also mentioned above, the user authentication information may be encrypted. It is also the task of the authentication module to decrypt the user authentication information before checking it against the database contents. If the authentication has been successful, the authentication module 44 triggers the communication controller to send a transaction acknowledgement over the sender/receiver 42 and the interface 41.
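
As an added illustration (not part of the patent text), the following Python example models the service-terminal behaviour described in paragraphs [0029] to [0035] and [0043] to [0045]: device identification, the check of the user authentication information against the database, and the log of rejected requests used to spot suspicious attempts. The message layout, addresses, identities, digest-based log entries and the three-identity threshold are assumptions made for the example; the encrypted-message embodiment is not modelled.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample data (not from the patent): registered device addresses
# and the identities held in the authentication database (15 / 45).
REGISTERED_DEVICES = {"00:11:22:33:44:55", "66:77:88:99:AA:BB"}
AUTH_DATABASE = {"001010000000001", "001010000000002"}


@dataclass
class Message:
    device_addr: str           # 48-bit device address, used for device identification (step 22)
    kind: str                  # assumed type tag; "AUTH" marks the specific message of step 23
    user_auth_info: str = ""   # e.g. an IMSI read from the identification module


@dataclass
class ServiceTerminal:
    devices: set
    database: set
    reject_log: list = field(default_factory=list)

    def handle(self, msg: Message) -> str:
        """Communication controller (43): identify the device, route AUTH messages."""
        if msg.device_addr not in self.devices:
            return self._reject(msg, "unregistered-device")
        if msg.kind != "AUTH":
            return self._reject(msg, "no-user-authentication")
        return self._authenticate(msg)

    def _authenticate(self, msg: Message) -> str:
        """Authentication module (44): check the identity against the database (step 24)."""
        if msg.user_auth_info in self.database:
            return "ACK"           # transaction may proceed (step 25)
        return self._reject(msg, "unknown-user")

    def _reject(self, msg: Message, reason: str) -> str:
        # Log the parameters of the failed attempt ([0035]). The identity is stored
        # as a truncated digest (a choice made here) so the log holds no raw identities.
        digest = hashlib.sha256(msg.user_auth_info.encode()).hexdigest()[:12]
        self.reject_log.append({"device": msg.device_addr, "id": digest, "reason": reason})
        return "REJECT"

    def suspicious_devices(self, min_distinct_ids: int = 3) -> list:
        """Devices that presented several different unknown identities."""
        seen = defaultdict(set)
        for entry in self.reject_log:
            if entry["reason"] == "unknown-user":
                seen[entry["device"]].add(entry["id"])
        return sorted(d for d, ids in seen.items() if len(ids) >= min_distinct_ids)


def run_demo() -> dict:
    terminal = ServiceTerminal(set(REGISTERED_DEVICES), set(AUTH_DATABASE))
    results = {
        "authorized": terminal.handle(Message("00:11:22:33:44:55", "AUTH", "001010000000001")),
        "bad_device": terminal.handle(Message("DE:AD:BE:EF:00:01", "AUTH", "001010000000001")),
        "no_auth": terminal.handle(Message("00:11:22:33:44:55", "DATA")),
    }
    # One registered device tries three identities that are not in the database.
    for guess in ("001010000000101", "001010000000102", "001010000000103"):
        terminal.handle(Message("66:77:88:99:AA:BB", "AUTH", guess))
    results["suspicious"] = terminal.suspicious_devices()
    results["logged"] = len(terminal.reject_log)
    return results


if __name__ == "__main__":
    print(run_demo())
```
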
[0046] As a conclusion, according to this invention, sharing user authentication information between usual radio communication network and short range wireless communication system is a source of new value added and secured applications for user of hybrid wireless terminals.



Claims 

1. Method for performing a short-range wireless transaction between an hybrid wireless terminal (11, 30) and a service terminal (12), said hybrid terminal (11) being able to communicate over a first interface (111) with a radio communication network (14) and over a second interface for short-range wireless access (112) with said service terminal (12), said hybrid wireless terminal (11) comprising a user authentication information for authenticating a user in said radio communication network (14), said method being characterized in that it comprises the steps of:

transmitting over said second interface (112) a message to said service terminal (12) comprising said user authentication information;
authenticating said user at said service terminal (12) by checking said received user authentication information against an authentication database (15);
enabling said transaction if said user authentication has been successful.

2. Method according to claim 1, characterized in that said authentication database (15) is shared by said service terminal (12) and said radio communication network (14).

3. Method according to claim 2, characterized in that said authentication database (15) is the Home Location Register (HLR) of said radio communication network (14).

4. Method according to any of the claims 1 to 3, characterized in that said interface for short-range access at said hybrid wireless terminal (11) and at said service terminal (12) are compliant with the Bluetooth standard.

5. Method to any of the claims 1 to 4, characterized in that said user authentication information is part of a SIM (Subscriber Identity Module) card.

6. Service terminal (40) dedicated to perform a transaction over a short-range wireless interface (41), characterized in that it comprises:

means (42, 43) for receiving a user authentication information from a wireless terminal, said user authentication information being dedicated to authenticate a user in a radio communication network;
an authentication module (44) for authenticating said user at said service terminal (40) by checking said received user authentication information against an authentication database (45) of said radio communication network, said authentication module enabling said transaction if said authentication has been successful.

7. Service terminal (40) according to claim 6 characterized in that it further comprises decryption means for decrypting said received user authentication information according to a predefined decryption algorithm.

8. Wireless terminal (11, 30) comprising a first part (31) for communicating with a radio communication network and a second part (32) for communicating with a service terminal over a short-range wireless interface (321), said first part (31) comprising a user authentication module (314) for authenticating a user in said radio communication network, said wireless terminal (30) being characterized in that said second part (32) has access to said user authentication module (314) and transmits at least a user authentication information contained in said user authentication module (314) over said short-range wireless access interface (321) to said service terminal for authenticating said user in said service terminal.

9. Wireless terminal (11, 30) according to claim 8, characterized in that it further performs encryption of said user authentication information according to a predefined encryption algorithm before transmitting said user authentication information over said short-range wireless interface.